The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-26T12:58:53Zhttps://gitlab.torproject.org/tpo/web/manual/-/issues/158Update instructions about using built-in bridges in Tor Browser2024-03-26T12:58:53Zebanamebanam@torproject.orgUpdate instructions about using built-in bridges in Tor Browserhttps://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configu...https://tb-manual.torproject.org/circumvention/
The UX has changed a bit. Let's review and update this section about using built-in bridges with Tor Browser.
> USING PLUGGABLE TRANSPORTS
>
> To use a pluggable transport, click "Configure Connection" when starting Tor Browser for the first time. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. From the menu, select whichever pluggable transport you'd like to use.
>
> Once you've selected the pluggable transport, scroll up and click "Connect" to save your settings.
>
> Or, if you have Tor Browser running, click on "Settings" in the hamburger menu (≡) and then on "Connection" in the sidebar. Under the "Bridges" section, locate the option "Choose from one of Tor Browser's built-in bridges" and click on "Select a Built-In Bridge" option. Choose whichever pluggable transport you'd like to use from the menu. Your settings will automatically be saved once you close the tab.
/cc @nina @emmapeelebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40092Improve docs on network_mode: host (and network in general)2023-01-18T16:18:15ZchmacImprove docs on network_mode: host (and network in general)When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project ...When I found this repo, the example line `network_mode: host` jumped out at me as suspicious. I looked up the docs and figured that it's probably because snowflake requires lots of ports or so. I figured that my trust in the tor project is pretty high, and so I'm running a snowflake node.
But, I'm not really sure what network conditions it needs. Does it expect that `network_mode: host` means it's running on a host which has a publicly accessible IP? Does it needs ports on that host's firewall open?
The idea behind this issue is to improve the docs in this area so that snowflake hosts like myself can figure out what network conditions are required for snowflake to work. For example, I have no idea if my node is actually functional right now, I also have no idea how to test it.
Some example questions we could aim to answer:
- What ports does snowflake run on?
- Does snowflake need to be run on a machine with a public IP?
- Does snowflake run properly if behind a NAT?
- Does snowflake require specific ports to be opened in the system firewall?
- How can a server admin test if snowflake is properly configured and working?
As an add on, it would be great to see answers to questions like these:
- How much bandwidth can one expect snowflake to use?
- Does it make sense to add any kind of limits?
- If so, how would that be done?
- Are there any security considerations to running a snowflake server?
- What sort of system resources (CPU, memory) does snowflake use?
- Does it make sense to check on this periodically for memory leaks, etc?
- How can one be notified when updates are published to the docker image?
- Is there a security mailing list where one could be notified of any security issues that require urgent update of the snowflake server?
Finally, thanks for making the tor network more resilient, snowflake looks to be an awesome improvement for people in locations with internet censorship, and thanks for working on tor in general, it's a phenomenal resource supporting the human experience.https://gitlab.torproject.org/tpo/web/community/-/issues/138[Training] Add remote training tips2023-06-15T10:28:53ZGus[Training] Add remote training tipsGusGushttps://gitlab.torproject.org/tpo/network-health/team/-/issues/170Add a section about prefered way to distribute packages at Python Guidelines2022-02-28T14:17:59ZjugaAdd a section about prefered way to distribute packages at Python GuidelinesAs commented at https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/28759#note_2772472 we thought it might be useful to have an small section about distributing Python packages at https://gitlab.torproject.org/tpo/network-heal...As commented at https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/28759#note_2772472 we thought it might be useful to have an small section about distributing Python packages at https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Python-guidelines.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40102Several devices on the same network ?2022-03-01T15:55:27ZcypherpunksSeveral devices on the same network ?Hi !
I got in touch with you once with that question :
- Is it possible to install Snowflake on all the devices connected to the same local network ? (Ex : On a family, on 2 PCs)
Your answer :
- Mmm, it's not recommended.
My request :
...Hi !
I got in touch with you once with that question :
- Is it possible to install Snowflake on all the devices connected to the same local network ? (Ex : On a family, on 2 PCs)
Your answer :
- Mmm, it's not recommended.
My request :
- To know if your answer is still relevant
- Whatever, can you write in the Wiki/website FAQ, etc. ?
Thank you ! Tons of love. :) ♥https://gitlab.torproject.org/tpo/network-health/team/-/issues/27Ramp up and document our sybil detection efforts2024-01-16T13:54:00ZGeorg KoppenRamp up and document our sybil detection effortsThis is the parent ticket for our sybil detection efforts.
- [x] #25
- [x] #28
- [x] #59This is the parent ticket for our sybil detection efforts.
- [x] #25
- [x] #28
- [x] #59https://gitlab.torproject.org/tpo/web/community/-/issues/263[Bridges] Add dnstt instructions2022-03-27T16:09:26ZGus[Bridges] Add dnstt instructionsAs volunteers will be able to run bridges with dnstt pluggable transport, we will need to update bridges documentation.
Since it's a go binary, maybe we should have one page with instructions instead of doing platform specific.
As dnstt...As volunteers will be able to run bridges with dnstt pluggable transport, we will need to update bridges documentation.
Since it's a go binary, maybe we should have one page with instructions instead of doing platform specific.
As dnstt bridges is still under development, we should follow this ticket timeline:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/40001#note_2788292https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40128Give standalone snowflakes guidance on how best to set up their nat2023-03-31T16:56:08ZRoger DingledineGive standalone snowflakes guidance on how best to set up their natAccording to our current broker stats (https://snowflake-broker.torproject.net/debug), we have
```
current snowflakes available: 3021
standalone proxies: 2589
browser proxies: 5
webext proxies: 250
unknown proxies: 177
NAT Types avai...According to our current broker stats (https://snowflake-broker.torproject.net/debug), we have
```
current snowflakes available: 3021
standalone proxies: 2589
browser proxies: 5
webext proxies: 250
unknown proxies: 177
NAT Types available:
restricted: 2512
unrestricted: 386
unknown: 123
```
i.e. most of the snowflakes that we're giving out seem to be standalone ones as opposed to browser extension ones, and also most of the ones we have available to us are behind restricted nat.
It seems to me that the standalone ones are probably in a better position to be behind the good kind of nat (or no nat at all). But does our docker image impose the bad kind of nat on them by default? How come so many standalone proxies are behind restricted nat?
More generally: is there useful guidance we can give people, on setting themselves up with the right kind of nat, presuming they're on a VPS or otherwise on a 'real' internet connection?shelikhooshelikhoohttps://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/9UX enhancements2023-06-14T20:17:41ZSilvio RhattoUX enhancementsApply some UX enhancements (from a sysadmin point of view) to make Onionmine adoption easier, including installation, usage and documentation.
Onionmine is just a wrapper around a vanity address generation tool, but any improvements tha...Apply some UX enhancements (from a sysadmin point of view) to make Onionmine adoption easier, including installation, usage and documentation.
Onionmine is just a wrapper around a vanity address generation tool, but any improvements that makes this task easier might be worth the effort.https://gitlab.torproject.org/tpo/core/arti/-/issues/645Android guide should be more explicit on why feature=static is required, and ...2023-01-10T19:00:58Ztrinity-1686aAndroid guide should be more explicit on why feature=static is required, and what it solves> First add the subcrates of arti you want to use to the [dependencies] section. You'll have to add features=["static"] to crates that support this feature (at the moment tor-rtcompat, tor-dirmgr and arti-client): otherwise they will fai...> First add the subcrates of arti you want to use to the [dependencies] section. You'll have to add features=["static"] to crates that support this feature (at the moment tor-rtcompat, tor-dirmgr and arti-client): otherwise they will fail either to compile or to run.
People are having issues compiling openssl. Following the above statement is enough to fix the issue, but people pointed to the guide just search for "openssl" and find nothing, so they assume there is no answer there when there actually is.
The error they get instead is quiet cryptic:
```
error: failed to run custom build command for `openssl-sys v0.9.76`
Caused by:
process didn't exit successfully: `/project-name/target/debug/build/openssl-sys-1f2017401b9375aa/build-script-main` (exit status: 101)
--- stdout
cargo:rustc-cfg=const_fn
cargo:rustc-cfg=openssl
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_LIB_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=OPENSSL_LIB_DIR
OPENSSL_LIB_DIR unset
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_INCLUDE_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=OPENSSL_INCLUDE_DIR
OPENSSL_INCLUDE_DIR unset
cargo:rerun-if-env-changed=ARMV7_LINUX_ANDROIDEABI_OPENSSL_DIR
ARMV7_LINUX_ANDROIDEABI_OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_DIR
OPENSSL_DIR unset
cargo:rerun-if-env-changed=OPENSSL_NO_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_ALLOW_CROSS
cargo:rerun-if-env-changed=PKG_CONFIG_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_armv7-linux-androideabi
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR_armv7_linux_androideabi
cargo:rerun-if-env-changed=TARGET_PKG_CONFIG_SYSROOT_DIR
cargo:rerun-if-env-changed=PKG_CONFIG_SYSROOT_DIR
run pkg_config fail: "pkg-config has not been configured to support cross-compilation.\n\nInstall a sysroot for the target platform and configure it via\nPKG_CONFIG_SYSROOT_DIR and PKG_CONFIG_PATH, or install a\ncross-compiling wrapper for pkg-config and set it via\nPKG_CONFIG environment variable."
--- stderr
thread 'main' panicked at '
Could not find directory of OpenSSL installation, and this `-sys` crate cannot
proceed without this knowledge. If OpenSSL is installed and this crate had
trouble finding it, you can set the `OPENSSL_DIR` environment variable for the
compilation process.
Make sure you also have the development packages of openssl installed.
For example, `libssl-dev` on Ubuntu or `openssl-devel` on Fedora.
If you're in a situation where you think the directory *should* be found
automatically, please open a bug at https://github.com/sfackler/rust-openssl
and include information about your system as well as this message.
$HOST = x86_64-unknown-linux-gnu
$TARGET = armv7-linux-androideabi
openssl-sys = 0.9.76
', /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-sys-0.9.76/build/find_normal.rs:191:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```https://gitlab.torproject.org/tpo/onion-services/oniongroove/-/issues/5Vendorize Onion MkDocs2024-03-27T21:47:27ZSilvio RhattoVendorize Onion MkDocsVendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.Vendorize [Onion MkDocs](https://gitlab.torproject.org/rhatto/onion-mkdocs), so it's easier to retrieve updates.Oniongroove 0.1.0Silvio RhattoSilvio Rhatto2024-05-16https://gitlab.torproject.org/tpo/web/support/-/issues/355Please add a FAQ to explain users that disabling RFP is very bad2023-11-23T15:32:50ZPier Angelo VendramePlease add a FAQ to explain users that disabling RFP is very badStarting with Tor Browser 13.0, we decided to lock `privacy.resistFingerprinting`.
RFP is a very important setting.
Disabling RFP makes you easily fingerprintable in a lot of ways, including hardware!
Generally speaking, Mozilla is well...Starting with Tor Browser 13.0, we decided to lock `privacy.resistFingerprinting`.
RFP is a very important setting.
Disabling RFP makes you easily fingerprintable in a lot of ways, including hardware!
Generally speaking, Mozilla is well aware of these fingerprinting vectors and continuously add even more.
At the moment, the protection isn't granular, it's all or nothing (and I'm not saying it's bad - quite the opposite - it's the same philosophy of Tor Browser: normalize everything).
Also, when we send patches to Mozilla, we often gate them behind RFP.
Setting RFP to false is like telling that you don't want a bunch of our patches.
RFP has usability issues (e.g., it constantly resets the zoom level, which can be a big accessibility problem).
We're aware of that and it's in our roadmap.
We've received some feedback against our decision after the release, and we still get from time to time.
I think we could have a FAQ about this.ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/team/-/issues/178Document how Sponsor codes work2023-06-23T11:39:23ZSilvio RhattoDocument how Sponsor codes workWiki page [How we do project management at The Tor Project][] mentions the concept of a "Sponsor", but it could also document the sponsor code logic, including:
1. Whether they're tied to a project, a contract, an actual sponsor etc.
2....Wiki page [How we do project management at The Tor Project][] mentions the concept of a "Sponsor", but it could also document the sponsor code logic, including:
1. Whether they're tied to a project, a contract, an actual sponsor etc.
2. How they're assigned.
3. How (often) they can change.
4. How to handle sponsor codes in the documentation/code/repositories.
5. Other useful information.
[How we do project management at The Tor Project]: https://gitlab.torproject.org/tpo/team/-/wikis/process/How-we-do-project-management-at-The-Tor-Projecthttps://gitlab.torproject.org/tpo/web/manual/-/issues/137Add section about crypto warning popup2022-12-17T15:19:26ZdonutsAdd section about crypto warning popupSee https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41363 for the most recent work happening on this component, and https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40899#note_2863965 for discussion...See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41363 for the most recent work happening on this component, and https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40899#note_2863965 for discussion about the support URL.
tl;dr we have a `Learn more` link in the wingpanel that currently points to support-dot, which presumably was a temporary measure until dedicated content could be created.https://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues/16Update README with section for dependency update procedure2023-12-13T16:00:24ZGeorg KoppenUpdate README with section for dependency update procedureIn case we need to update some of our dependencies e.g. due to a security fix it would be nice to have a section in our README detailing how to do that so that our prod deployment is affected as little as possible and someone who has to ...In case we need to update some of our dependencies e.g. due to a security fix it would be nice to have a section in our README detailing how to do that so that our prod deployment is affected as little as possible and someone who has to do that job has a step-by-step recipe.https://gitlab.torproject.org/tpo/web/support/-/issues/320Add an FAQ like "anybody can run a relay, including NSA/governments/big data ...2023-11-07T13:31:21ZPier Angelo VendrameAdd an FAQ like "anybody can run a relay, including NSA/governments/big data companies/etc. Isn't this bad?"We often receive that question in several places, like #tor-project, but also on Reddit and other places.
We should add an official FAQ to definitely answer that question, so that we can just link it whenever we are asked again.
The ol...We often receive that question in several places, like #tor-project, but also on Reddit and other places.
We should add an official FAQ to definitely answer that question, so that we can just link it whenever we are asked again.
The old site had https://2019.www.torproject.org/docs/faq#CanExitNodesEavesdrop.ebanamebanam@torproject.orgebanamebanam@torproject.orghttps://gitlab.torproject.org/tpo/network-health/team/-/issues/286Create repository for our Grafana MetricsPort template2024-03-27T09:40:08ZGeorg KoppenCreate repository for our Grafana MetricsPort templateWe have a `MetricsPort`-related template for our Grafana dashboard. It might benefit the community from having that template in a dashboards project in Gitlab so we can easily track changes in it. And maybe we want to add other dashboard...We have a `MetricsPort`-related template for our Grafana dashboard. It might benefit the community from having that template in a dashboards project in Gitlab so we can easily track changes in it. And maybe we want to add other dashboards as well making them available to the wider public.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40256Standalone Snowflake proxy for Microsoft Windows2023-03-07T14:55:51ZRahim RollinsStandalone Snowflake proxy for Microsoft Windows> If you would like to run a command-line version of the Snowflake proxy on your **desktop** or server, see our guide for running a Snowflake standalone proxy.
[The "Standalone Snowflake proxy" page](https://community.torproject.org/rel...> If you would like to run a command-line version of the Snowflake proxy on your **desktop** or server, see our guide for running a Snowflake standalone proxy.
[The "Standalone Snowflake proxy" page](https://community.torproject.org/relay/setup/snowflake/standalone/) provides instructions for installing and configuring the CLI version of Snowflake proxy on Debian, Fedora, Arch Linux, FreeBSD and Ubuntu. However, most users (working on Windows) would be able to help other users bypass censorship without having to keep the browser running. Now this possibility is impossible for them. At least for such volunteers there is not even an instruction, unlike users of the operating systems listed above.https://gitlab.torproject.org/tpo/network-health/metrics/onionperf/-/issues/40058Create Onionperf release template2023-03-03T08:35:33ZGeorg KoppenCreate Onionperf release templateWe had some back and forth during the last release (1.1) which indicates that we could benefit from some release template/check list. That list could contain (among other things) steps like:
1. Bump versions in all places (TODO: spell th...We had some back and forth during the last release (1.1) which indicates that we could benefit from some release template/check list. That list could contain (among other things) steps like:
1. Bump versions in all places (TODO: spell that one out) on `dev`
2. Add changelog entries
3. merge `dev` into `master`
4. tag a release, sign it, and push the taghttps://gitlab.torproject.org/tpo/network-health/tor-weather/-/issues/53Create new spec and add it to the repository2023-12-13T16:00:56ZGeorg KoppenCreate new spec and add it to the repositoryThe old Tor Weather had a [design specification](https://gitweb.torproject.org/weather.git/tree/doc/design.txt) and it would be useful to create a new one, maybe built on the old one, for the current code base. We could ship it in a /doc...The old Tor Weather had a [design specification](https://gitweb.torproject.org/weather.git/tree/doc/design.txt) and it would be useful to create a new one, maybe built on the old one, for the current code base. We could ship it in a /doc dir or something.